Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/1ae9d8b2-218c-4376-936d-185032ce890b.roa
File: 1ae9d8b2-218c-4376-936d-185032ce890b.roa (raw, json)
Hash identifier: i6yAqFeGbEuVf9fMe5JXt155ticGI2cMp95+3WtF08w=
Subject key identifier: 59:AE:B4:77:81:93:FF:D6:16:1B:67:E9:A6:5F:E0:98:4D:AA:6E:76
Certificate issuer: /CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Certificate serial: 257102BC469BA43D398354BC9A2C6590301C4DFC
Authority key identifier: 4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/1ae9d8b2-218c-4376-936d-185032ce890b.roa
Signing time: Tue 15 Jul 2025 00:21:16 +0000
ROA not before: Tue 15 Jul 2025 00:21:16 +0000
ROA not after: Tue 19 Aug 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:f840::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 08:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:71:02:bc:46:9b:a4:3d:39:83:54:bc:9a:2c:65:90:30:1c:4d:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e9f45fd65cea47fce533f11cfc15c475554dfbc
Validity
Not Before: Jul 15 00:21:16 2025 GMT
Not After : Aug 19 23:59:59 2025 GMT
Subject: serialNumber=33f5540aa677c0074257658f032d7a18283ccb05a3f2767bed9badaf0ab5675d, CN=f6903138-420a-4c84-bf3d-9aea81f23eb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:b5:16:bc:17:f2:17:27:a9:94:8c:0d:cb:3d:
84:3d:be:74:61:be:f2:84:57:a2:2d:3a:29:d4:ec:
90:32:a2:2a:b0:09:51:72:ac:40:04:ba:a4:ae:1a:
1b:80:e1:48:b3:d9:5d:c3:a0:2a:09:26:37:b5:de:
e0:e7:69:62:8a:b3:67:a5:f8:93:64:0c:31:00:95:
ee:dc:2f:9f:05:72:c0:60:1b:4a:7e:de:92:85:a2:
0c:96:b1:8e:ed:02:fe:30:ad:88:f0:3c:d7:08:a9:
41:5f:67:94:07:df:6d:cc:95:63:34:cc:0d:3e:cc:
3e:50:eb:a1:b4:ec:3b:70:08:54:33:3d:57:7f:a0:
69:ec:be:cd:d6:f9:bc:b1:2a:55:3e:d3:d0:44:2d:
a9:e4:c5:f1:6c:66:53:09:ad:60:81:9a:a5:7a:1f:
31:df:c1:89:87:db:5d:7d:c1:ca:2d:88:07:5c:12:
6e:66:c7:ab:cd:bb:0b:95:d4:c0:b6:b2:07:e6:d7:
d4:49:08:fb:ef:b8:4d:92:f0:5f:32:7d:38:b8:bb:
5b:c6:eb:9f:d8:cd:be:38:c9:5b:08:2a:50:28:dc:
b2:b2:ed:e4:d7:f2:bb:92:69:f3:00:a6:95:21:7e:
53:f6:78:10:59:10:9e:48:ca:f8:e9:20:36:87:aa:
2d:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:AE:B4:77:81:93:FF:D6:16:1B:67:E9:A6:5F:E0:98:4D:AA:6E:76
X509v3 Authority Key Identifier:
keyid:4E:9F:45:FD:65:CE:A4:7F:CE:53:3F:11:CF:C1:5C:47:55:54:DF:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9F_WXOpH_OUz8Rz8FcR1VU37w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/1ae9d8b2-218c-4376-936d-185032ce890b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/cfadba4d-134c-4a1e-9d9c-64e8c5d613f3/Ov-his08I996RofT9UA-owflnzY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:f840::/48
Signature Algorithm: sha256WithRSAEncryption
45:09:bf:90:e0:97:11:da:0e:ec:35:75:23:1d:8f:58:85:b0:
ca:88:49:11:dc:14:e3:f3:42:e5:c5:63:a2:93:0e:c4:ca:cc:
1d:f6:6d:7d:ef:aa:db:91:37:21:2c:7f:d9:b1:ad:98:60:95:
4b:f3:6b:0e:76:6a:53:c6:c6:83:a6:c8:a8:1a:bc:f1:45:7a:
ed:94:86:87:2a:64:53:8f:6b:8f:13:4d:4e:d5:39:89:d3:a5:
c3:71:56:c8:0d:35:e1:29:d0:e7:0d:c3:88:73:41:7c:bd:23:
05:d4:55:cd:74:7e:f5:88:55:01:20:a6:e7:e7:53:ca:23:34:
b8:15:22:a0:f4:66:21:d4:6b:1a:fc:65:e4:6f:9b:a7:1c:e1:
ce:e4:a1:40:fa:b8:b7:d9:5e:66:f0:f6:b4:52:01:bb:a3:34:
97:be:1d:17:ec:b5:1c:d0:62:8f:90:55:d6:8e:b8:f1:69:70:
b8:02:f5:f4:c5:01:28:92:39:b2:68:1f:12:c7:bf:de:c8:10:
93:dc:c0:29:f2:eb:17:b4:ae:f8:23:a2:de:84:05:dd:11:43:
66:dc:23:3a:35:95:75:44:ed:a2:4b:b6:fc:ba:cc:62:44:33:
91:ae:e7:56:a5:3d:cb:16:ca:a7:93:f0:3d:b3:7f:24:a4:c1:
82:bb:f2:97
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUJXECvEabpD05g1S8mixlkDAcTfwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGU5ZjQ1ZmQ2NWNlYTQ3ZmNlNTMzZjExY2ZjMTVjNDc1
NTU0ZGZiYzAeFw0yNTA3MTUwMDIxMTZaFw0yNTA4MTkyMzU5NTlaMHoxSTBHBgNV
BAUTQDMzZjU1NDBhYTY3N2MwMDc0MjU3NjU4ZjAzMmQ3YTE4MjgzY2NiMDVhM2Yy
NzY3YmVkOWJhZGFmMGFiNTY3NWQxLTArBgNVBAMTJGY2OTAzMTM4LTQyMGEtNGM4
NC1iZjNkLTlhZWE4MWYyM2ViNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMO1FrwX8hcnqZSMDcs9hD2+dGG+8oRXoi06KdTskDKiKrAJUXKsQAS6pK4a
G4DhSLPZXcOgKgkmN7Xe4OdpYoqzZ6X4k2QMMQCV7twvnwVywGAbSn7ekoWiDJax
ju0C/jCtiPA81wipQV9nlAffbcyVYzTMDT7MPlDrobTsO3AIVDM9V3+gaey+zdb5
vLEqVT7T0EQtqeTF8WxmUwmtYIGapXofMd/BiYfbXX3Byi2IB1wSbmbHq827C5XU
wLayB+bX1EkI+++4TZLwXzJ9OLi7W8brn9jNvjjJWwgqUCjcsrLt5Nfyu5Jp8wCm
lSF+U/Z4EFkQnkjK+OkgNoeqLQMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRZrrR3
gZP/1hYbZ+mmX+CYTapudjAfBgNVHSMEGDAWgBROn0X9Zc6kf85TPxHPwVxHVVTf
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RwOUZfV1hP
cEhfT1V6OFJ6OEZjUjFWVTM3dy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9jZmFkYmE0ZC0xMzRjLTRhMWUtOWQ5Yy02NGU4YzVkNjEzZjMv
MWFlOWQ4YjItMjE4Yy00Mzc2LTkzNmQtMTg1MDMyY2U4OTBiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvY2ZhZGJhNGQtMTM0Yy00YTFlLTlkOWMtNjRlOGM1ZDYx
M2YzL092LWhpczA4STk5NlJvZlQ5VUEtb3dmbG56WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8f4
QDANBgkqhkiG9w0BAQsFAAOCAQEARQm/kOCXEdoO7DV1Ix2PWIWwyohJEdwU4/NC
5cVjopMOxMrMHfZtfe+q25E3ISx/2bGtmGCVS/NrDnZqU8bGg6bIqBq88UV67ZSG
hypkU49rjxNNTtU5idOlw3FWyA014SnQ5w3DiHNBfL0jBdRVzXR+9YhVASCm5+dT
yiM0uBUioPRmIdRrGvxl5G+bpxzhzuShQPq4t9leZvD2tFIBu6M0l74dF+y1HNBi
j5BV1o648WlwuAL19MUBKJI5smgfEse/3sgQk9zAKfLrF7Su+COi3oQF3RFDZtwj
OjWVdUTtoku2/LrMYkQzka7nVqU9yxbKp5PwPbN/JKTBgrvylw==
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:45:17 2025 by rpki-client